Requirements

Step 1: Install Nginx Web Server on FreeBSD

1. The first service we’ll install for our FBEMP stack in FreeBSD is the web server, Nginx.

FreeBSD 11.x Ports offers several pre-compiled Nginx packages. To list the Nginx binaries available in the Ports repositories, issue the following commands in your server terminal.

# ls /usr/ports/www/ | grep nginx
# pkg search -o nginx

2. In this particular configuration, we’ll install the main package version of Nginx by issuing the below command. The pkg package manager will ask whether you want to proceed with installing the nginx package. Answer yes (y on the command line) to start the installation process.

# pkg install nginx

3. After the Nginx web server package has been installed, execute the following commands to enable the daemon system-wide and start the service.

# sysrc nginx_enable="yes"
# service nginx start

4. Next, use the sockstat command to verify that the Nginx service's network sockets are bound to port 80/TCP. The output of sockstat is piped through grep to reduce the results to lines containing the string nginx.

# sockstat -4 | grep nginx

5. Finally, open a browser on a desktop computer in your network and visit the Nginx default web page over HTTP. Enter the FQDN of your machine, your domain name or the IP address of your server in the browser’s URL field to request the Nginx default web page. The message “Welcome to nginx!” should be displayed in your browser.

http://yourdomain.com
http://your_server_IP
http://your_machine_FQDN

6. The default webroot directory for Nginx web content is located at the absolute system path /usr/local/www/nginx/. In this location you should create, copy or install web content files, such as .html or .php files, for your website.

To change this location, edit the main Nginx configuration file and change the root directive to reflect your new webroot path.

# nano /usr/local/etc/nginx/nginx.conf

Here, search and update the following line to reflect your new webroot path:

root /path/to/new/webroot;

Step 2: Install PHP on FreeBSD

7. Unlike Apache HTTP server, Nginx cannot process PHP code natively. Instead, the Nginx web server passes PHP requests to a PHP interpreter, such as the php-fpm FastCGI daemon, which inspects and executes the code. The resulting output is then returned to Nginx, which sends it on to the visitor's web browser as the requested HTML.

The FreeBSD 11.x Ports repositories offer multiple binary versions of the PHP programming language, such as the PHP 5.6, PHP 7.0 and PHP 7.1 releases. To display all available pre-compiled PHP versions in FreeBSD 11.x, run the below commands.

# pkg search -o php
# ls /usr/ports/lang/ | grep php

8. You can install whichever version of PHP is best suited to the web application you run on your system. However, in this guide we’ll install the latest PHP version.

To install the PHP 7.1 release and some important PHP modules required by diverse web applications, run the following command.

9. After you’ve installed the PHP packages, open the PHP-FPM configuration file for Nginx and adjust the user and group values to match the Nginx runtime user, which is www. First, make a backup of the file with the below command.

# cp /usr/local/etc/php-fpm.d/www.conf{,.backup}

Then, open the file and update the following lines as presented in the below sample.

user = www
group = www

10. Also, create a PHP configuration file for production use by issuing the below command. In this file you can make custom changes that will be applied to the PHP interpreter at runtime.

# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

For instance, change the date.timezone setting of the PHP interpreter to match your machine's physical location, as shown in the below example. The PHP timezone list can be found here: http://php.net/manual/en/timezones.php.

# vi /usr/local/etc/php.ini

Add the following timezone setting (set the timezone for your country).

date.timezone = Europe/London

You can also adjust other PHP variables, such as the maximum size of an uploaded file, which can be increased by modifying the below values:

upload_max_filesize = 10M
post_max_size = 10M

11. After you’ve made the custom settings for PHP, enable and start the PHP-FPM daemon to apply the new configuration by issuing the below commands.

# sysrc php_fpm_enable=yes
# service php-fpm start

12. By default, the PHP-FPM daemon in FreeBSD binds to a local network socket on port 9000/TCP. To display the PHP-FPM network sockets, execute the following command.

# sockstat -4 -6 | grep php-fpm

13. In order for the Nginx web server to pass PHP scripts to the FastCGI gateway server, which is listening on the 127.0.0.1:9000 socket, open the main Nginx configuration file and add the following block of code as illustrated in the below sample.

Replace the IP address or domain name in the below links accordingly. The PHP info page should display information about your PHP installation.

http://yourdomain.com/info.php
http://server_IP-or-FQDN/info.php


Step 3: Install MariaDB on FreeBSD

16. The last component missing from your FEMP stack is the database. MariaDB/MySQL is one of the open source RDBMS packages most often paired with the Nginx web server for deploying dynamic websites.

MariaDB/MySQL is also one of the most used relational databases in the world. Searching through FreeBSD Ports, you can find multiple releases of MariaDB/MySQL.

In this guide we’ll install the MariaDB database, which is a community fork of the MySQL database. To search for available versions of MariaDB, issue the following commands in the terminal.

# ls -al /usr/ports/databases/ | grep mariadb
# pkg search mariadb

17. To install the latest version of the MariaDB database server, execute the following command. You should also install the PHP relational database driver module used by PHP scripts for connecting to MySQL.

# pkg install mariadb102-server php71-mysqli

18. After the database has been installed, enable the MySQL daemon and start the database service by running the following commands.

# sysrc mysql_enable="YES"
# service mysql-server start

19. Also, make sure you restart the PHP-FPM daemon in order to load the MySQL driver extension.

# service php-fpm restart

20. Next, secure the MariaDB database by launching the mysql_secure_installation script. Use the below sample of the script output as a guide for answering the questions. Basically, answer yes (y) to every question to secure the database, and type a strong password for the MySQL root user.

# /usr/local/bin/mysql_secure_installation

MySQL Secure Installation Script Output

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

22. To further secure MariaDB, which by default listens for incoming network connections on the 0.0.0.0:3306/TCP socket, issue the below command to force the service to bind to the loopback interface and completely disallow remote access. Afterwards, restart the MySQL service to apply the new configuration.
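
To confirm the result of steps 12 and 22 once the services have been restarted, the following check (an added example, not part of the original guide and not the command referred to above) reads sockstat output and reports any php-fpm or mysqld listener that is not bound to loopback. The function names and the sample sockstat lines are constructed for illustration; the process name mysqld is assumed for the MariaDB daemon.

```sh
#!/bin/sh
# Added example: report php-fpm / mysqld listeners not bound to loopback.
# Input on stdin is `sockstat -4 -6 -l` output, whose columns are:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# Output: one "COMMAND PORT LOCAL-ADDRESS" line per exposed listener.
exposed_backends() {
    awk '
        # Listening TCP sockets show *:* as the foreign address.
        $2 ~ /^(php-fpm|mysqld)$/ && $5 ~ /^tcp/ && $7 == "*:*" {
            port = $6; sub(/.*:/, "", port)        # text after the last colon
            host = $6; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (host == "127.0.0.1" || host == "::1") next
            print $2, port, $6
        }'
}

# Constructed sample: MariaDB still listening on every interface.
sample_default() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nginx      812   6  tcp4   *:80                  *:*
www      php-fpm    901   0  tcp4   127.0.0.1:9000        *:*
mysql    mysqld     1033  21 tcp4   *:3306                *:*
EOF
}

# Constructed sample: MariaDB bound to the loopback interface.
sample_hardened() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nginx      812   6  tcp4   *:80                  *:*
www      php-fpm    901   0  tcp4   127.0.0.1:9000        *:*
mysql    mysqld     1033  21 tcp4   127.0.0.1:3306        *:*
EOF
}

echo "default:  $(sample_default | exposed_backends)"
echo "hardened: $(sample_hardened | exposed_backends)"
# On the server itself: sockstat -4 -6 -l | exposed_backends
```

An empty result means both backends accept connections only from the local machine; nginx on port 80 is intentionally not checked because it is the public entry point.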